Getting an error when using CIS-CAT Pro Assessor to scan a postgres Database with ssl=true


Product Name

CIS-CAT Pro Assessor

Product Version

All

Date

Apr 12, 2022


Problem

Getting the following error when assessing a postgres DB with ssl=true:

"Exception in thread "main" org.postgresql.util.PSQLException: Could not open SSL root certificate file /root/.postgresql/root.crt."

The connection works fine with ssl=false, but we require SSL connectivity.

Solution

Ongoing PostgreSQL JDBC driver updates are affecting our tool's use of ssl=true. More on that here: https://github.com/pgjdbc/pgjdbc/issues/1307 (there is a lot of information from community users in this thread).

Postgres is, at least temporarily, switching to sslmode=require. If you require certificate validation, this Postgres-provided workaround may not be ideal, especially since this option may mean no certificate validation.

Here is their official "fix" (they more or less replace ssl=true with sslmode=require): https://github.com/palantir/atlasdb/pull/5908

Once (or if) Postgres fixes the root of this issue, the JDBC drivers, we will be able to start assessing if and how their fix integrates into our tooling.
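To see what the two connection strings above actually negotiate, here is an added example (not CIS-CAT code and not from the pgjdbc project) that reports the effective TLS posture of a pgjdbc URL from the driver's documented sslmode rules; the URLs, host names and the /etc/cis/root.crt path in it are constructed for illustration.

```python
# Added example, not CIS-CAT code: report what a pgjdbc URL will actually do on the wire.
# pgjdbc (42.2.5 and later) treats ssl=true with no sslmode as verify-full, which is why
# the assessor looks for ~/.postgresql/root.crt; sslmode=require encrypts but validates nothing.
import os
from urllib.parse import parse_qs, urlsplit

# sslmode -> (TLS used, server certificate validated, hostname validated)
SSL_MODES = {
    "disable": (False, False, False),
    "allow": (True, False, False),
    "prefer": (True, False, False),
    "require": (True, False, False),
    "verify-ca": (True, True, False),
    "verify-full": (True, True, True),
}
# pgjdbc's default trust store on Unix (Windows: %APPDATA%\postgresql\root.crt)
DEFAULT_ROOT_CERT = os.path.expanduser("~/.postgresql/root.crt")


def effective_sslmode(params):
    """Mirror pgjdbc: an explicit sslmode wins; otherwise ssl=true or a bare
    'ssl' means verify-full, and anything else falls back to prefer."""
    if "sslmode" in params:
        if params["sslmode"] not in SSL_MODES:
            raise ValueError(f"unknown sslmode {params['sslmode']!r}")
        return params["sslmode"]
    return "verify-full" if params.get("ssl") in ("", "true") else "prefer"


def inspect_jdbc_url(url):
    """Return the effective mode, what it protects, and which root.crt
    (if any) the driver will need to open."""
    if not url.startswith("jdbc:postgresql:"):
        raise ValueError("not a pgjdbc URL")
    query = urlsplit(url[len("jdbc:"):]).query
    # keep_blank_values so a bare 'ssl' parameter is seen; the last value wins
    params = {k: v[-1] for k, v in parse_qs(query, keep_blank_values=True).items()}
    mode = effective_sslmode(params)
    encrypts, validates_cert, validates_host = SSL_MODES[mode]
    root_cert = params.get("sslrootcert", DEFAULT_ROOT_CERT) if validates_cert else None
    return {"mode": mode, "encrypts": encrypts, "validates_cert": validates_cert,
            "validates_hostname": validates_host, "root_cert": root_cert,
            "root_cert_found": root_cert is not None and os.path.isfile(root_cert)}


if __name__ == "__main__":
    for u in ("jdbc:postgresql://db/cis?ssl=true",         # the article's failing URL
              "jdbc:postgresql://db/cis?sslmode=require",   # the proposed workaround
              "jdbc:postgresql://db/cis?sslmode=verify-full&sslrootcert=/etc/cis/root.crt"):
        print(u, "->", inspect_jdbc_url(u))
```

The third URL shows the alternative to the workaround: keep validation but point sslrootcert at a trust store the assessor's user can read, so the root.crt error is resolved without dropping to sslmode=require.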

To track changes:

  1. Keep an eye out for news that Postgres has resolved their JDBC driver issue.

  2. Join the CIS Members : CIS-CAT Discussion community on CIS WorkBench.

  3. Search for, or start, a discussion around this topic. Since our Benchmarks are community driven, it is possible someone has already started, or will start, a similar discussion once the Postgres drivers are fixed.

    • These WorkBench discussions are with other community members and occasionally Developers and Benchmark Leads. They take suggestions and concerns into consideration as they develop future Benchmarks and Benchmark revisions. It isn't a ticketing-based support system and responses are not guaranteed.

  4. Set up notifications for the community or the discussion itself to track and gauge interest.

  5. Check the CIS-CAT Pro Assessor v4 Change Logs for this feature to see which issues have been resolved or integrated.

As the update to the drivers needs to come directly from Postgres, CIS doesn't have an official timeline or any guarantee this feature will continue to be a part of CIS-CAT Pro Assessor.

Keywords: postgres, ssl=true

Copyright © 2020

Center for Internet Security®